authorEuAndreh <eu@euandre.org>2020-08-11 09:42:45 -0300
committerEuAndreh <eu@euandre.org>2020-08-11 09:42:45 -0300
commit4d02eddc690db9c9ccdee4555d8fbc111afcd3af (patch)
treec148e3242fefd0602e5e81b81516b077851c4c16
parentnixos-update.sh: Always set the NixOS channel based on $SYSTEM_STATE_VERSION (diff)
downloadtoph-4d02eddc690db9c9ccdee4555d8fbc111afcd3af.tar.gz
toph-4d02eddc690db9c9ccdee4555d8fbc111afcd3af.tar.xz
vps-configuration.env.nix: Finish working Nextcloud installation
-rw-r--r--TODOs.org6
-rw-r--r--secrets/terraform/plan-files/2020-08-11T08:30:21-03:00bin0 -> 3531 bytes
-rw-r--r--secrets/terraform/plan-files/2020-08-11T08:31:21-03:00bin0 -> 2062 bytes
-rw-r--r--secrets/terraform/plan-files/2020-08-11T08:38:03-03:00bin0 -> 3531 bytes
-rw-r--r--secrets/terraform/plan-files/2020-08-11T08:38:25-03:00bin0 -> 2062 bytes
-rw-r--r--secrets/terraform/terraform.tfstatebin3052 -> 3062 bytes
-rw-r--r--secrets/terraform/terraform.tfstate.backupbin3052 -> 180 bytes
-rw-r--r--vps-configuration.env.nix44
8 files changed, 24 insertions, 26 deletions
diff --git a/TODOs.org b/TODOs.org
index 655a294..7abc29b 100644
--- a/TODOs.org
+++ b/TODOs.org
@@ -1,7 +1,7 @@
* Tasks - v4
-** TODO nginx magic =sslCiphers= value
-Why not the default? What do those mean?
+** TODO snapshot with swap
** TODO cron: borg, postgresql backup and nixos update
+** TODO Configure PostgreSQL permissions correctly
** TODO Harden the server
*** TODO [#C] [[https://www.reddit.com/r/selfhosted/comments/bw8hqq/top_3_measures_to_secure_your_virtual_private/][Top 3 measures to secure your Virtual Private Server? (VPS)]]
*** TODO [#A] [[https://docs.nextcloud.com/server/stable/admin_manual/installation/harden_server.html][Nextcloud: Hardening and security guidance]]
@@ -97,3 +97,5 @@ We could use the raw Droplet IP instead of the DNS A record, but I prefer callin
* Scrath
https://federationtester.matrix.org/
EteSync?
+
+DHCP?
diff --git a/secrets/terraform/plan-files/2020-08-11T08:30:21-03:00 b/secrets/terraform/plan-files/2020-08-11T08:30:21-03:00
new file mode 100644
index 0000000..2db2b05
--- /dev/null
+++ b/secrets/terraform/plan-files/2020-08-11T08:30:21-03:00
Binary files differ
diff --git a/secrets/terraform/plan-files/2020-08-11T08:31:21-03:00 b/secrets/terraform/plan-files/2020-08-11T08:31:21-03:00
new file mode 100644
index 0000000..c2b5e1f
--- /dev/null
+++ b/secrets/terraform/plan-files/2020-08-11T08:31:21-03:00
Binary files differ
diff --git a/secrets/terraform/plan-files/2020-08-11T08:38:03-03:00 b/secrets/terraform/plan-files/2020-08-11T08:38:03-03:00
new file mode 100644
index 0000000..d5a71ee
--- /dev/null
+++ b/secrets/terraform/plan-files/2020-08-11T08:38:03-03:00
Binary files differ
diff --git a/secrets/terraform/plan-files/2020-08-11T08:38:25-03:00 b/secrets/terraform/plan-files/2020-08-11T08:38:25-03:00
new file mode 100644
index 0000000..6d37e6c
--- /dev/null
+++ b/secrets/terraform/plan-files/2020-08-11T08:38:25-03:00
Binary files differ
diff --git a/secrets/terraform/terraform.tfstate b/secrets/terraform/terraform.tfstate
index 57aa188..a549b1c 100644
--- a/secrets/terraform/terraform.tfstate
+++ b/secrets/terraform/terraform.tfstate
Binary files differ
diff --git a/secrets/terraform/terraform.tfstate.backup b/secrets/terraform/terraform.tfstate.backup
index 0401d8d..9ef552e 100644
--- a/secrets/terraform/terraform.tfstate.backup
+++ b/secrets/terraform/terraform.tfstate.backup
Binary files differ
diff --git a/vps-configuration.env.nix b/vps-configuration.env.nix
index 2283449..304c124 100644
--- a/vps-configuration.env.nix
+++ b/vps-configuration.env.nix
@@ -7,9 +7,13 @@ let
letsencryptEmail = "$LETSENCRYPT_EMAIL";
authorizedKey = "$AUTHORIZED_KEY";
userPassword = "$USER_PASSWORD";
+ nextcloudDatabaseUser = "$NEXTCLOUD_DATABASE_USER";
nextcloudDatabasePassword = "$NEXTCLOUD_DATABASE_PASSWORD";
+ nextcloudAdminUser = "$NEXTCLOUD_ADMIN_USER";
nextcloudAdminPassword = "$NEXTCLOUD_ADMIN_PASSWORD";
+ nextcloudTablePrefix = "$NEXTCLOUD_TABLE_PREFIX";
gitRoot = "$GIT_ROOT";
+ systemStateVersion = "$SYSTEM_STATE_VERSION";
};
in {
imports = [ ./hardware-configuration.nix ];
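Review bot: The passwords declared in this let block reach the system as Nix string literals, and further down in this diff they are passed to `services.nextcloud.config.dbpass` and `adminpass`, which the NixOS module documents as ending up world-readable in the Nix store. Prefer the file-based options, e.g. `adminpassFile = "/path/to/admin-pass";` and `dbpassFile = "/path/to/db-pass";` (placeholder paths), with the files provisioned outside the store and readable only by the Nextcloud service user. Separately, the values appear to be substituted textually (the `$NAME` placeholders suggest envsubst), so a value containing `"`, `\` or `${` would change the expression rather than the string; a comment above the block stating that constraint would help. The let block starts before this hunk.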
@@ -57,45 +61,37 @@ in {
enableACME = true;
};
};
+ };
- gitweb = {
- enable = true;
- location = "";
- virtualHost = envsubstConfiguration.gitTLD;
- };
+ postgresql = {
+ enable = true;
+ ensureDatabases = [ "nextcloud" ];
+ package = pkgs.postgresql_11;
+ ensureUsers = [{
+ name = "nextcloud";
+ ensurePermissions."DATABASE nextcloud" = "ALL PRIVILEGES";
+ }];
};
nextcloud = {
enable = true;
+ package = pkgs.nextcloud19;
+ nginx.enable = true;
hostName = envsubstConfiguration.nextcloudTLD;
https = true;
+ maxUploadSize = "4G";
autoUpdateApps.enable = true;
- autoUpdateApps.startAt = "05:00:00";
config = {
overwriteProtocol = "https";
dbtype = "pgsql";
- dbuser = "nextcloud";
dbhost = "/run/postgresql";
- dbname = "nextcloud";
+ dbuser = envsubstConfiguration.nextcloudDatabaseUser;
dbpass = envsubstConfiguration.nextcloudDatabasePassword;
- adminuser = "admin";
+ dbtableprefix = envsubstConfiguration.nextcloudTablePrefix;
+ adminuser = envsubstConfiguration.nextcloudAdminUser;
adminpass = envsubstConfiguration.nextcloudAdminPassword;
};
};
-
- postgresql = {
- enable = true;
- ensureDatabases = [ "nextcloud" ];
- ensureUsers = [{
- name = "nextcloud";
- ensurePermissions."DATABASE nextcloud" = "ALL PRIVILEGES";
- }];
- };
-
- gitweb = {
- gitwebTheme = true;
- projectroot = envsubstConfiguration.gitRoot;
- };
};
systemd.services."nextcloud-setup" = {
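Review bot: `dbuser` is now taken from `envsubstConfiguration.nextcloudDatabaseUser`, but the role created under `postgresql.ensureUsers` is still the literal `"nextcloud"`, so any other value of the variable points Nextcloud at a role this configuration never creates. Because `dbhost` is the `/run/postgresql` socket, the connection is presumably authenticated by peer credentials under the default pg_hba rules, which would also require the role name to match the service's OS user. Either keep `dbuser = "nextcloud";` fixed, or derive both from one value with `name = envsubstConfiguration.nextcloudDatabaseUser;` inside `ensureUsers`. The removed `dbname` line now relies on the module default matching `ensureDatabases`; a short comment saying so would make that dependency visible. The enclosing attribute set starts before this hunk and the `nextcloud-setup` unit continues after it.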
@@ -111,5 +107,5 @@ in {
openssh.authorizedKeys.keys = [ envsubstConfiguration.authorizedKey ];
};
- system.stateVersion = "20.03";
+ system.stateVersion = envsubstConfiguration.systemStateVersion;
}
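Review bot: `system.stateVersion` now follows `$SYSTEM_STATE_VERSION`, which, going by the parent commit's title, also selects the NixOS channel, so bumping the variable to move to a newer channel would change the state version at the same time. The state version is meant to stay at the release the machine was first installed with, because modules use it to choose defaults for stateful data such as database versions and data directories. Consider a separate variable for the channel, or at least a comment on this line such as `# Release of first install; do not bump when changing channels.` The surrounding attribute set starts before this hunk.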